News items for tag linux - Koos van den Hout

2017-11-13 Linux and enabling NFSv4 name mapping 4 weeks ago
Note: even with full name mapping enabled you will still have problems. To get this mapping fully working you will need to establish trust relations via kerberos.

When I shared my article on NFSv4 on the synology I noticed I left out the fundamentals about Linux and NFSv4 with name mapping. All kernels I nowadays run into have the same preference to disable using names over NFSv4 because somewhere the decision was made to assume most Linux systems will be in an environment with centralized UID/GID management.

In any environment with devices with their own UID/GID management (such as synology devices without central LDAP) this will not be true. So the defaults need an override.

The runtime way to change this is, for the nfs client kernel process:
# echo N > /sys/module/nfs/parameters/nfs4_disable_idmapping
And for the nfsd server kernel process:
# echo N > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Notice the one letter difference.

To make this change more permanent, set up a file with a name like /etc/modprobe.d/local-config.conf with
options nfs nfs4_disable_idmapping=0
options nfsd nfs4_disable_idmapping=0
And you still need to set /etc/idmapd.conf on all systems involved (both clients and servers) with the same value for the 'Domain'. I obviously have:
[General]

Verbosity = 0
Pipefs-Directory = /run/rpc_pipefs
# set your own domain here, if id differs from FQDN minus hostname
Domain = idefix.net

[Mapping]

Nobody-User = nobody
Nobody-Group = nogroup
And enable idmapd. How you enable this depends on your Linux distribution. In ubuntu server it's in /etc/default/nfs-common with
# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=yes

Tags: ,
2017-11-10 Really disabling framebuffer on a modern linux 1 month ago
Framebuffer is nice but I want it really disabled on my new homeserver 2017 because that will end up in the attic where I don't want a repeat of the earlier Linux-related radio interference problem. And for virtual machines it's a bit of overkill too.

To disable framebuffer in both grub and the running Linux it has to be disabled twice. Both in /etc/default/grub which now has these two lines:
GRUB_CMDLINE_LINUX_DEFAULT="nomodeset"

GRUB_TERMINAL=console

Tags: , ,
2017-11-10 NFSv4 on the synology isn't complete NFSv4 until you do some special configuration 1 month ago
This solution fails at the moment I start using rsync to sync directories to the Synology. Update when I find out where that goes wrong.

I am now using a synology for storage in the home network. Linux clients use NFS to access the Synology, and nowadays the default NFS version is version 4, which does things quite differently from version 3. NFS version 4 is supposed to use user names with NFS domain names and rpc.idmapd instead of numeric user and group IDs.

After serious debugging I found out NFSv4 with the synology doesn't use names as I expected. I kept looking at nfs client settings but eventually I used tcpdump, wireshark and tshark to find out owner names aren't used at all. Numerical UIDs are used as text in the NFSv4 answers, even for files that have an owner that is known in the synology. As if the nfs4_disable_idmapping=0 is never set for the NFS server.

I confirmed this with capturing the NFS traffic with tcpdump and analyzing the pcap files with wireshark and tshark. I indeed see:
                        reco_attr: Owner (36)
                            fattr4_owner: 1026
                                length: 4
                                contents: 1026

A lot of google searching confirms this, including anyone have nfsv4 actually working? - Synology Forum. The next step is to adjust the idmapping in the running kernel on the synology, using:
# echo N > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Now I indeed see the right strings in the NFSv4 traffic, but the idmapd on the client doesn't translate for some reason. Fixing the /etc/idmapd.conf file helped.

The next step is to make this change permanent on the synology. Adding a file /etc/modules.local.conf with
module_nfsd_args="nfs4_disable_idmapping=0"
does the trick. This I learned from reading the startup file /etc/rc.subr which loads the kernel modules.

And now I see the right data in the NFS traffic:
                        reco_attr: Owner (36)
                            fattr4_owner: koos@idefix.net
                                length: 15
                                contents: koos@idefix.net
And the user mapping works. On an older system I have UID 501, on the synology I have UID 1026 and on a new system I have UID 1000, and I'm owner of the files everywhere.

Tags: , ,
2017-10-15 Getting to play VIC-20 games again 1 month ago
VIC-20 startscreen Ages ago my first homecomputer was a Commodore VIC-20. I did basic programming on it and played some games. I remember the game Centipede and loading games from audio cassette.

These days games seem to be enormously complex and expensive or filled with advertisments. I don't like these, the last time I seriously invested time in a game was Pinball Dreams.

I found out about the VIC-20 emulator xvic, part of the vice package. I even bought a cheap USB joystick to use. I never had a joystick with my VIC-20 so it was about time to get one. This joystick is a DragonRise Inc. Generic USB Joystick (yes, including the spaces) and I noticed today it wasn't working right: up and down on the joystick did not work. I found out eventually the left and right on the second stick mapped to up and down, thanks to a simple joystick tester from Joystick - Denialwiki in 7 lines of Basic.

Some searching found DragonRise USB Driver Issue - RetroPie which mentions this issue in hid-dr.ko happened in Linux 4.4 - 4.9.

I did not feel like going back to compiling my own kernels for this laptop, but there is a simple solution in Ubuntu 16.04: use hwe (hardware enablement) kernels. These seem to be aimed at the long term support server versions, but they fix my joystick problem and I can play centipede.

Tags: , , ,
2017-10-11 Haproxy on the new home server and devuan upgrades 2 months ago
I got around again to working on the new homeserver 2017 and I worked on the installation of a 'testing' virtual machine with virt-install. This test machine also runs devuan linux. The first application I was testing on there is haproxy.

haproxy I noticed some defaults I did not expect (such as preferring IPv4 over IPv6). It seems the 'stable' devuan has the same age issues as 'stable' debian. Otherwise haproxy does what it is supposed to and I may standardize on it.

Upgrading was easy, I looked at Upgrading Devuan Jessie to Ascii and just changed jessie to ascii in /etc/apt/sources.list and did an apt-get dist-upgrade. The only minor issue afterwards is that the system now insists on using framebuffer video, which I find overkill for a virtual machine. VGA 80x25 is fine.

Tags: , , ,
2017-10-09 Interesting NFS exports problem 2 months ago
I am used to being unable to unmount filesystems as long as they are NFS exported. It took me a while to find out how to correctly unexport filesystems before trying to unmount them. The easy solution would be to unexport everything and just export the other filesystems, but I'd rather not interrupt NFS availability of other filesystems.

So it was time to check some large filesystems again and I'd rather not do that during boot as it can delay booting for up to an hour. Currently those filesystems are exported via IPv4 and IPv6. Removing the export for IPv4 is easy:
# exportfs -u 192.168.1.0/255.255.255.0:/export
But for IPv6 it gets harder:
# exportfs -u 2001:db8:a::/64:/export
exportfs: Invalid unexporting option: 2001
So it is still exported via IPv6. And next thing I try to unmount it and notice it's ok to unmount a filesystem that is only exported via IPv6. I guess this shows some interesting bug.

Tags: , ,
2017-08-24 Uploading FT8 contacts to LoTW from CQRLOG 3 months ago
Other people from my radioclub were reporting they uploaded FT8 contacts to LoTW so I wanted to try this too. I uploaded earlier contacts as 'DATA' (and got some confirmations) but FT8 is the correct mode so I wanted to re-upload them.

After my earlier experiences uploading FT8 contacts to eQSL I expected some database work to be able to upload those contacts again. Finding the right field to set to the right value was a bit of work since I expected the approach to be similar but it wasn't. In the end:
$ mysql -S /home/koos/.config/cqrlog/database/sock cqrlog002
mysql> update cqrlog_main set lotw_qsls = '' where mode='FT8';
Query OK, 77 rows affected (0.01 sec)
Rows matched: 78  Changed: 77  Warnings: 0
That's after trying most lotw related fields and values.

Tags: , ,
2017-07-24 Last night receiving ISS SSTV images 4 months ago
And a third night. I used the timed recording option of audacity, which in the current linux version does not offer the option to set in advance how to save the project. This time I 'only' recorded for 7 hours, and was able to save the project afterwards without needing a recover. But on reloading the saved project audacity complained about some internal error in it, and it still had the problem of assuming 44.1 kHz sampling while showing the project sample rate as 48 kHz. Anyway, images decoded from the audio and I even recieved a few new ones.

Tags: , , ,
2017-07-24 Getting a lot more entropy from the Raspberry Pi 4 months ago
Entropy graph of a Raspberry Pi On doing some research on randomness in Linux I found out about the rng-tools package which includes rngd which can get randomness from hardware random generators to linux /dev/random.

On the main homeserver greenblatt there was no hardware randomness source available, I already use randomsound to generate randomness from audio noise. I found out the Raspberry Pi has a hardware randomness source so I installed rng-tools and rngd was able to use it. The impact on the measured available entropy is quite visible.

Tags: , ,
2017-07-21 Received slow scan TV images from ISS while I was sleeping 4 months ago
I read about the current ARISS Celebrates it’s 20th Anniversary through SSTV Event and noticed the planned times weren't really compatible with my day/night cyclus. I know, as a hardcore radio amateur I should be up at the weirdest hours for rare events but I also like my sleep a lot and my wife really dislikes alarms at weird hours.

Automation to the rescue: I decided to record all of a night of ISS signals on the computer with audacity and decode images from it later. The computer adjusted the radio for doppler using gpredict. Since I don't have an automatic rotor for satellite antennas I used the VHF/UHF vertical. This may seem strange but the weakest signals from ISS are when it is right above the horizon (which is when the vertical has the best reception). And as noticed on earlier SSTV events that compared to other amateur satellites the ISS has a strong signal.

So I left it running for a night and checked the results afterwards. The result was a 9 hour recording and audacity decided to hang after stopping the recording. I made a backup copy of the audio data just to be safe and restarted audacity. Luckily it recovered the project fine after restarting.

With a recent version of qsstv I decoded the recorded audio and searched for ISS passes in the recording.

The result is 13 decodes in one night. It turns out it received audio from a number of low passes that I did not see in gpredict because I have gpredict set up to skip low passes (those that don't come above a 20 degree angle above the horizon). But the strong signals from ISS make those show up in my radio anyway.

Decoded and seen the numbers sofar: 11 (partially), 12, 9, 10, 9, 10, 9 (partially), 9, 7, 8.

Tags: , , , ,
2017-07-17 Now NetworkManager generates resolv.conf .. and starts with legacy IP 4 months ago
I removed rdnssd and resolvconf and fixed the symlink linking /var/run/NetworkManager/resolv.conf and /etc/resolv.conf by hand. The file /etc/NetworkManager/NetworkManager.conf now says:
dns=none
rc-manager=file
But now I run into the 'NetworkManager prefers IPv4 resolvers' again, leaving me with the resolvers from the DHCP answer before those from the IPv6 route advertisment. The search domains are fine now.

Tags: , ,
2017-07-16 Uploading FT8 contacts to eQSL 4 months ago
This evening I noticed incoming FT8 QSO's in eQSL, so the mode is now recognized there. But I needed to retry uploading all FT8 contacts to get them to upload. It took a bit of experimenting, but finally the right SQL command to mark the contacts as not uploaded was:
$ mysql -S /home/koos/.config/cqrlog/database/sock cqrlog002
mysql> update cqrlog_main set eqsl_qslsdate = NULL where mode='FT8';
Query OK, 24 rows affected (0.02 sec)
Rows matched: 26  Changed: 24  Warnings: 0
And now they are all uploaded.

That is about a week between first seeing mentions of FT8 in radio amateur news and the first confirmed contacts.

Tags: , ,
2017-07-16 SSH attacks by Java 4 months ago
Jul 16 04:17:01 greenblatt sshd[9365]: reverse mapping checking getaddrinfo for 121-124-124-73.youiwe.co.kr [121.124.124.73] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 16 04:17:01 greenblatt sshd[9365]: Invalid user 1234 from 121.124.124.73
Jul 16 04:17:01 greenblatt sshd[9365]: input_userauth_request: invalid user 1234 [preauth]
Jul 16 04:17:01 greenblatt sshd[9365]: Received disconnect from 121.124.124.73: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
That last bit is not from my sshd but an error message related to a java library for ssh, as noted in Reasons for com.jcraft.jsch.JSchException: Auth fail | Maximilian Böhm which correctly notes that attacks are a reason.

Tags: , ,
2017-07-15 More resolving via IPv6 4 months ago
I was reading Debian Stretch - Het Lab Henk van de Kamer (in Dutch) which mentions removing package rdnssd to avoid a dependency problem. But I like rdnssd as it helps use the nameservers available via IPv6 in a network with only SLAAC and no DHCPv6.

Right away I had to check on my own laptop with Ubuntu 16.04 and noticed all traffic was going to the IPv4 address of the local resolver. Which is not what I want, I want to prefer IPv6 when possible. Searching found Bug #936712 “NetworkManager should put IPv6 DNS servers before I...” : Bugs : network-manager package : Ubuntu which is indeed what I saw, and it's still showing in Ubuntu 16.04 Xenial.

My solution was to stop using dnsmasq, and switch to a generated resolv.conf from NetworkManager. To do that I had to update /etc/NetworkManager/NetworkManager.conf to have:
#dns=dnsmasq
dns=none
rc-manager=file
And now I have a resolv.conf with only 3 IPv6 nameservers and no search domains. Not exactly what I want, but at least IPv6 is preferred. I considered something using only the first three resolvers because that is a maximum somewhere but just advertising two resolvers via radvd also makes two show up in the generated resolv.conf. This is not perfect. The generated resolv.conf has comments that it is generated by resolvconf so maybe this is a conflict between resolvconf and NetworkManager not in 'use resolvconf' mode.

Tags: , ,
2017-07-10 Raspbian mirrors sometimes fail when IPv6-only 5 months ago
Just happening:
Err http://mirrordirector.raspbian.org/raspbian/ jessie/main libgcrypt20 armhf 1.6.3-2+deb8u4
  Cannot initiate the connection to raspbian.42.fr:80 (163.172.250.246). - connect (101: Network is unreachable) [IP: 163.172.250.246 80]
It seems mirrordirector.raspbian.org redirects to IPv4-only sites even when the client connects via IPv6. My Raspberry Pi systems have IPv4 disabled. It's a known problem in Bug #1595563 “Native IPv6 client redirected to IPv4-only mirror” : Bugs : Raspbian where people seem to rather ignore the problem. I could reverse the statement there to "a service that can only be accessed by v4 nodes cannot be reasonablly considered to be available on the internet." but I guess that's "different".
Read the rest of Raspbian mirrors sometimes fail when IPv6-only

Tags: , ,
2017-06-14 Controlling the SARK100 antenna analyzer from Linux 5 months ago
The SARK100 antenna analyzer I bought also has the option to be controlled over an USB interface (other versions even have bluetooth support). Over USB it is possible to automate the measurements and have the results returned to the controlling computer.

For Linux software is available: SARK100 Antenna Analyzer Linux Software also via github with updates coddingtonbear/sark-100-antenna-analyzer.

I cloned the git repository and guessed that the command to build a 32-bit version would be:
koos@thompson:~/radiowork/sark-100-antenna-analyzer$ mkdir build
koos@thompson:~/radiowork/sark-100-antenna-analyzer$ cd build
koos@thompson:~/radiowork/sark-100-antenna-analyzer/build$ qmake -spec linux-g++ -o Makefile ../analyzer/analyzer.pro
This indeed compiled into a working 32-bit binary. Needed because the 'main radio desktop' can't run a 64-bit linux. The laptop does not have this problem.

Attic dipole on 10 m analyzed by the Sark100 analyzer and linux software
The attic dipole on 10m analyzed with the Sark100 analyzer and linux software
Attic dipole on 20 m analyzed by the Sark100 analyzer and linux software
The attic dipole on 20m analyzed with the Sark100 analyzer and linux software
And after compiling the software comes using the software. It works nicely and does what it says on the packaging.

Tags: , ,
2017-06-02 Upgraded the BIOS on the Alix 1.c box 6 months ago
I finally had some time to upgrade the BIOS on the Alix 1.c box (ritchie). It was a lot easier to do this with the flashrom utility than to do this with DOS boot floppies!

I just made sure again I checked the old bios version, which turned out to be alixbio3, and upgraded to alixbio8 from the PC Engines Alix 1.c page.

Now the machine boots without a screen attached. I also swapped the mainboard battery as it kept forgetting the current time.

Writing a bios file with flashrom is just changing the -r to a -w from the reading the flashrom command.

But this does not help the serial ports: those seem to be dead for good.

Tags: , ,
2017-05-12 SSH usernames being tried 7 months ago
Usernames seen in ssh attempts: 0 1 a a0 adm admin admln agnes ajay apache ask bin byte cactiuser CarpeDiem cisco cs daniel data db2inst1 debian D-Link erp ezrena faxadmin ftp ftpuser glassfish gpadmin guest help jesus lancer maile mailers marifer maronique media mis mysql nodeclient ooooooooo opuser oracle perl personnel pi pig PlcmSpIp postmaster postpone remote root roote rppt sales shop student support test testing ts ts3 turbo ubnt ubuntu user vnc wildfly willy xbmc And the '' username (empty string). By numbers root has the highest number of attempts.

Tags: , ,
2017-05-10 Changes in the future .. or living in the past 7 months ago
Interesting error message today:
Jan  1 01:01:02 ritchie CRON[1834]: pam_unix(cron:account): account koos has password changed in future
But it is caused by the system realtimeclock being completely wrong and assuming the date is 1 January 1990 or something. It probably needs a new battery. Or maybe a whole new system, this is from the system ritchie that started life as the wardriving box which was bought in 2008.

Tags: , ,
2017-04-29 Using kalibrate-rtl to calibrate the rtl-sdr frequency 7 months ago
In my project to receive amateur satellites with the rtl-sdr I noticed the sdr itself has a considerable frequency error as noted in Going full duplex with amateur satellites, part 5 : first test of the amplifier with RTL-SDR.

Using the PI2NOS output frequency I ended up at an error of 54 ppm so I entered that in gqrx. But to be really sure there is a program named kalibrate-rtl available via GitHub - steve-m/kalibrate-rtl: fork of http://thre.at/kalibrate/ for use with rtl-sdr devices.

I had some trouble finding the right way to use this program so I am sharing my steps here. First try to guess the error by using a known frequency such as a local repeater (especially when they mention using GPS to maintain frequency) or a broadcast FM station.

First step with kalibrate-sdr is to scan for GSM channels which are strong enough. I noticed in later runs that I really need to add the first guessed frequency error, otherwise it will not find the GSM channels at all.
koos@kernighan:~/radiowork/kalibrate-rtl/src$ ./kal -s GSM900 -e 54
Found 1 device(s):
  0:  Generic RTL2832U OEM

Using device 0: Generic RTL2832U OEM
Found Rafael Micro R820T tuner
Exact sample rate is: 270833.002142 Hz
[R82XX] PLL not locked!
kal: Scanning for GSM-900 base stations.
GSM-900:
        chan: 8 (936.6MHz + 724Hz)      power: 67277.85
        chan: 17 (938.4MHz + 606Hz)     power: 36428.54

Second step with kalibrate-sdr is to select a GSM channel to use for the calibration run. I selected channel 8 which looks quite active.
koos@kernighan:~/radiowork/kalibrate-rtl/src$ ./kal -e 54 -c 8
Found 1 device(s):
  0:  Generic RTL2832U OEM

Using device 0: Generic RTL2832U OEM
Found Rafael Micro R820T tuner
Exact sample rate is: 270833.002142 Hz
[R82XX] PLL not locked!
kal: Calculating clock frequency offset.
Using GSM-900 channel 8 (936.6MHz)
average         [min, max]      (range, stddev)
+ 169Hz         [85, 251]       (166, 49.119198)
overruns: 0
not found: 0
average absolute error: 53.820 ppm
And only in that step you get the output with the calculated frequency error.

Update: Doing this calibration is also a good idea for the stick running the ads-b receiver. That came out to -30 ppm and using that factor makes dump1090 receive signals from greater distances.

Tags: , , ,
  Older news items for tag linux ⇒
, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews, Weather maps